This invention relates in general to the field of secure communication and cryptography, in particular to key management and more particularly to cryptographic secure communication and key escrow.
Government agencies may need access to encryption keys of users or organizations for court-authorized law enforcement purposes. However, because of privacy and efficiency issues, it is desirable for private businesses or individuals to maintain their encryption keys for their employees and customers and to allow for emergency key recovery. It is also desirable to allow access by the government agencies only when such access is authorized by the courts.
Typically, key escrow is achieved through the assignment of a key management infrastructure (KMI) key pair to the terminal. The terminal encrypts the traffic key with the public KMI key and sends out the encrypted traffic key in a key escrow field along with the encrypted traffic. The KMI keys are stored at a key escrow facility. Law enforcement agencies with a valid court order may obtain the KMI private and public keys from the key escrow facility. The KMI private and public keys are used to decrypt the key escrow field to obtain the traffic key, which in turn is used to decrypt the encrypted traffic.
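The conventional escrow flow described above, as an added sketch that is not part of the original text: the terminal wraps a fresh traffic key under the public KMI key, and any holder of the private KMI key can later open every recorded session. The function names, message layout, textbook-RSA key pair and hash-based traffic cipher are all assumptions chosen so the sketch runs with the Python standard library only; none of them is secure for real use.

```python
import hashlib
import secrets

# Toy KMI key pair (assumption for this sketch): textbook RSA over two known
# Mersenne primes, no padding. Not secure; a real terminal would use RSA-OAEP
# or similar with randomly generated primes.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
KMI_PUBLIC = (P * Q, E)
KMI_PRIVATE = (P * Q, pow(E, -1, (P - 1) * (Q - 1)))  # held by the escrow facility


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in traffic cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hashlib.sha256(key + block.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[block:block + 32], pad))
    return bytes(out)


def terminal_send(plaintext: bytes, kmi_public=KMI_PUBLIC) -> dict:
    """Terminal side: fresh traffic key, escrow field, encrypted traffic."""
    n, e = kmi_public
    traffic_key = secrets.token_bytes(16)
    escrow_field = pow(int.from_bytes(traffic_key, "big"), e, n)
    return {"escrow_field": escrow_field,
            "traffic": keystream_xor(traffic_key, plaintext)}


def escrow_recover(message: dict, kmi_private=KMI_PRIVATE) -> bytes:
    """Holder of the KMI private key: unwrap the traffic key, decrypt traffic."""
    n, d = kmi_private
    traffic_key = pow(message["escrow_field"], d, n).to_bytes(16, "big")
    return keystream_xor(traffic_key, message["traffic"])


if __name__ == "__main__":
    # Constructed sample traffic: two independent sessions from one terminal.
    sessions = [terminal_send(b"session one"), terminal_send(b"session two")]
    # One KMI private key opens every session, with no per-session trace.
    print([escrow_recover(m) for m in sessions])
```

Because the same KMI private key unwraps every escrow field, recovery is not bound to a session or a time window, and nothing in the exchange tells the terminal that a message was opened.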
This typical approach has several drawbacks. For example, a separate escrow facility is required and must be maintained. The terminal manufacturer and escrow facility operator may have liability for providing and maintaining the KMI keys. Because the KMI keys are in the hands of a third party, users' communications are potentially less secure, reducing user confidence. A key escrow facility requires additional infrastructure beyond the communication terminals. Furthermore, the typical key escrow facility approach discourages user terminals from changing and generating their own KMI keys because of the authentication required in providing such keys to the key escrow facility.
The typical key escrow facility approach has other disadvantages. For example, the user is not aware of compromised transmissions when the KMI keys are compromised. Also, foreign governments do not want secure terminals with key escrow in U.S. KMI facilities. Additionally, it is difficult to remove the ability to decrypt traffic after a court order for such access expires.
Accordingly, what is needed are a method and apparatus that provide access by the government to an encryption key pursuant only to a valid court order. What is also needed are an apparatus and method that allow law enforcement agencies to decrypt encrypted communications without a separate key escrow facility. What is also needed are an apparatus and method that allow a user terminal to generate its own KMI keys and that reduce and possibly eliminate manufacturer liability for escrowing such keys. What is also needed are a method and apparatus that eliminate access to decrypted traffic after a court order has expired.